Closed
Description
The attack is this:
- Subscribe to mytopic with the rate topics header including "mytopic"
- Everyone who subscribes to that topic will count towards that one IPs 250 message limit
- After 250 messages, done
I will remove the rate-topics header entirely as a result, and just enable visitor rate limiting for "up*" topics.